Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
This commit is contained in:
Dominick Grift
parent
e8ea772d89
commit
1976ddda24
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run gnomeclock.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`gnomeclock_domtrans',`
|
||||
|
||||
@ -70,7 +70,7 @@ interface(`hal_use_fds',`
|
||||
type hald_t;
|
||||
')
|
||||
|
||||
allow $1 hald_t:fd use;
|
||||
allow $1 hald_t:fd use;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -88,7 +88,7 @@ interface(`hal_dontaudit_use_fds',`
|
||||
type hald_t;
|
||||
')
|
||||
|
||||
dontaudit $1 hald_t:fd use;
|
||||
dontaudit $1 hald_t:fd use;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -107,7 +107,7 @@ interface(`hal_rw_pipes',`
|
||||
type hald_t;
|
||||
')
|
||||
|
||||
allow $1 hald_t:fifo_file rw_fifo_file_perms;
|
||||
allow $1 hald_t:fifo_file rw_fifo_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -126,7 +126,7 @@ interface(`hal_dontaudit_rw_pipes',`
|
||||
type hald_t;
|
||||
')
|
||||
|
||||
dontaudit $1 hald_t:fifo_file rw_fifo_file_perms;
|
||||
dontaudit $1 hald_t:fifo_file rw_fifo_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -360,7 +360,7 @@ interface(`hal_read_pid_files',`
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to read
|
||||
## Do not audit attempts to read
|
||||
## hald PID files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@ -451,9 +451,9 @@ interface(`hal_dontaudit_leaks',`
|
||||
type hald_var_run_t;
|
||||
')
|
||||
|
||||
dontaudit $1 hald_t:fd use;
|
||||
dontaudit $1 hald_t:fd use;
|
||||
dontaudit $1 hald_log_t:file rw_inherited_file_perms;
|
||||
dontaudit $1 hald_t:fifo_file rw_inherited_fifo_file_perms;
|
||||
dontaudit $1 hald_t:fifo_file rw_inherited_fifo_file_perms;
|
||||
dontaudit hald_t $1:socket_class_set { read write };
|
||||
dontaudit $1 hald_var_run_t:file read_inherited_file_perms;
|
||||
')
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run icecast.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`icecast_domtrans',`
|
||||
@ -118,9 +118,9 @@ interface(`icecast_read_log',`
|
||||
## icecast log files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`icecast_append_log',`
|
||||
@ -183,7 +183,5 @@ interface(`icecast_admin',`
|
||||
allow $2 system_r;
|
||||
|
||||
icecast_manage_pid_files($1)
|
||||
|
||||
icecast_manage_log($1)
|
||||
|
||||
')
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run ifplugd.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ifplugd_domtrans',`
|
||||
|
||||
@ -55,7 +55,6 @@ interface(`inetd_core_service_domain',`
|
||||
## </param>
|
||||
#
|
||||
interface(`inetd_tcp_service_domain',`
|
||||
|
||||
gen_require(`
|
||||
type inetd_t;
|
||||
')
|
||||
|
||||
@ -2,95 +2,95 @@
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Execute a domain transition to run jabberd services
|
||||
## Execute a domain transition to run jabberd services
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`jabber_domtrans_jabberd',`
|
||||
gen_require(`
|
||||
type jabberd_t, jabberd_exec_t;
|
||||
')
|
||||
gen_require(`
|
||||
type jabberd_t, jabberd_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, jabberd_exec_t, jabberd_t)
|
||||
domtrans_pattern($1, jabberd_exec_t, jabberd_t)
|
||||
')
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Execute a domain transition to run jabberd router service
|
||||
## Execute a domain transition to run jabberd router service
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`jabber_domtrans_jabberd_router',`
|
||||
gen_require(`
|
||||
type jabberd_router_t, jabberd_router_exec_t;
|
||||
')
|
||||
gen_require(`
|
||||
type jabberd_router_t, jabberd_router_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, jabberd_router_exec_t, jabberd_router_t)
|
||||
domtrans_pattern($1, jabberd_router_exec_t, jabberd_router_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Read jabberd lib files.
|
||||
## Read jabberd lib files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`jabberd_read_lib_files',`
|
||||
gen_require(`
|
||||
type jabberd_var_lib_t;
|
||||
')
|
||||
gen_require(`
|
||||
type jabberd_var_lib_t;
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Dontaudit inherited read jabberd lib files.
|
||||
## Dontaudit inherited read jabberd lib files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`jabberd_dontaudit_read_lib_files',`
|
||||
gen_require(`
|
||||
type jabberd_var_lib_t;
|
||||
')
|
||||
gen_require(`
|
||||
type jabberd_var_lib_t;
|
||||
')
|
||||
|
||||
dontaudit $1 jabberd_var_lib_t:file read_inherited_file_perms;
|
||||
dontaudit $1 jabberd_var_lib_t:file read_inherited_file_perms;
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Create, read, write, and delete
|
||||
## jabberd lib files.
|
||||
## Create, read, write, and delete
|
||||
## jabberd lib files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`jabberd_manage_lib_files',`
|
||||
gen_require(`
|
||||
type jabberd_var_lib_t;
|
||||
')
|
||||
gen_require(`
|
||||
type jabberd_var_lib_t;
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
|
||||
files_search_var_lib($1)
|
||||
manage_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -121,7 +121,7 @@ interface(`jabber_admin',`
|
||||
ps_process_pattern($1, jabberd_t)
|
||||
|
||||
allow $1 jabberd_router_t:process { ptrace signal_perms };
|
||||
ps_process_pattern($1, jabberd_router_t)
|
||||
ps_process_pattern($1, jabberd_router_t)
|
||||
|
||||
init_labeled_script_domtrans($1, jabberd_initrc_exec_t)
|
||||
domain_system_change_exemption($1)
|
||||
|
||||
@ -26,9 +26,9 @@
|
||||
## Execute kadmind in the current domain
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`kerberos_exec_kadmind',`
|
||||
@ -44,9 +44,9 @@ interface(`kerberos_exec_kadmind',`
|
||||
## Execute a domain transition to run kpropd.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`kerberos_domtrans_kpropd',`
|
||||
@ -235,7 +235,7 @@ template(`kerberos_keytab_template',`
|
||||
type $1_keytab_t;
|
||||
files_type($1_keytab_t)
|
||||
|
||||
allow $2 $1_keytab_t:file read_file_perms;
|
||||
allow $2 $1_keytab_t:file read_file_perms;
|
||||
|
||||
kerberos_read_keytab($2)
|
||||
kerberos_use($2)
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run kerneloops.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`kerneloops_domtrans',`
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run ksmtuned.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ksmtuned_domtrans',`
|
||||
@ -70,5 +70,4 @@ interface(`ksmtuned_admin',`
|
||||
domain_system_change_exemption($1)
|
||||
role_transition $2 ksmtuned_initrc_exec_t system_r;
|
||||
allow $2 system_r;
|
||||
|
||||
')
|
||||
|
||||
@ -2,42 +2,40 @@
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Execute OpenLDAP in the ldap domain.
|
||||
## Execute OpenLDAP in the ldap domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ldap_domtrans',`
|
||||
gen_require(`
|
||||
type slapd_t, slapd_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, slapd_exec_t, slapd_t)
|
||||
gen_require(`
|
||||
type slapd_t, slapd_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, slapd_exec_t, slapd_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Execute OpenLDAP server in the ldap domain.
|
||||
## Execute OpenLDAP server in the ldap domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ldap_initrc_domtrans',`
|
||||
gen_require(`
|
||||
type slapd_initrc_exec_t;
|
||||
')
|
||||
gen_require(`
|
||||
type slapd_initrc_exec_t;
|
||||
')
|
||||
|
||||
init_labeled_script_domtrans($1, slapd_initrc_exec_t)
|
||||
init_labeled_script_domtrans($1, slapd_initrc_exec_t)
|
||||
')
|
||||
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read the contents of the OpenLDAP
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run lircd.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`lircd_domtrans',`
|
||||
@ -16,7 +16,6 @@ interface(`lircd_domtrans',`
|
||||
')
|
||||
|
||||
domain_auto_trans($1, lircd_exec_t, lircd_t)
|
||||
|
||||
')
|
||||
|
||||
######################################
|
||||
@ -44,9 +43,9 @@ interface(`lircd_stream_connect',`
|
||||
## Read lircd etc file
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`lircd_read_config',`
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
template(`mailman_domain_template', `
|
||||
template(`mailman_domain_template',`
|
||||
type mailman_$1_t;
|
||||
domain_type(mailman_$1_t)
|
||||
role system_r types mailman_$1_t;
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run memcached.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`memcached_domtrans',`
|
||||
|
||||
@ -121,19 +121,19 @@ interface(`milter_manage_spamass_state',`
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Delete dkim-milter PID files.
|
||||
## Delete dkim-milter PID files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`milter_delete_dkim_pid_files',`
|
||||
gen_require(`
|
||||
type dkim_milter_data_t;
|
||||
')
|
||||
gen_require(`
|
||||
type dkim_milter_data_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
|
||||
files_search_pids($1)
|
||||
delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
|
||||
')
|
||||
|
||||
@ -1,4 +1,3 @@
|
||||
|
||||
## <summary>policy for mock</summary>
|
||||
|
||||
########################################
|
||||
@ -6,9 +5,9 @@
|
||||
## Execute a domain transition to run mock.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mock_domtrans',`
|
||||
@ -19,7 +18,6 @@ interface(`mock_domtrans',`
|
||||
domtrans_pattern($1, mock_exec_t, mock_t)
|
||||
')
|
||||
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search mock lib directories.
|
||||
@ -55,7 +53,7 @@ interface(`mock_read_lib_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||
read_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -75,7 +73,7 @@ interface(`mock_manage_lib_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||
manage_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -94,7 +92,7 @@ interface(`mock_manage_lib_dirs',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_dirs_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||
manage_dirs_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||
')
|
||||
|
||||
#########################################
|
||||
@ -113,7 +111,7 @@ interface(`mock_manage_lib_symlinks',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_lnk_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||
manage_lnk_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -132,7 +130,7 @@ interface(`mock_manage_lib_chr_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_chr_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||
manage_chr_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -177,7 +175,7 @@ interface(`mock_run',`
|
||||
#
|
||||
interface(`mock_role',`
|
||||
gen_require(`
|
||||
type mock_t;
|
||||
type mock_t;
|
||||
')
|
||||
|
||||
role $1 types mock_t;
|
||||
@ -226,7 +224,7 @@ interface(`mock_signal',`
|
||||
interface(`mock_admin',`
|
||||
gen_require(`
|
||||
type mock_t;
|
||||
type mock_var_lib_t;
|
||||
type mock_var_lib_t;
|
||||
')
|
||||
|
||||
allow $1 mock_t:process { ptrace signal_perms };
|
||||
@ -234,5 +232,4 @@ interface(`mock_admin',`
|
||||
|
||||
files_search_var_lib($1)
|
||||
admin_pattern($1, mock_var_lib_t)
|
||||
|
||||
')
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run modemmanager.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`modemmanager_domtrans',`
|
||||
|
||||
@ -1,4 +1,3 @@
|
||||
|
||||
## <summary>policy for daemon for playing music</summary>
|
||||
|
||||
########################################
|
||||
@ -6,9 +5,9 @@
|
||||
## Execute a domain transition to run mpd.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mpd_domtrans',`
|
||||
@ -19,7 +18,6 @@ interface(`mpd_domtrans',`
|
||||
domtrans_pattern($1, mpd_exec_t, mpd_t)
|
||||
')
|
||||
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute mpd server in the mpd domain.
|
||||
@ -40,79 +38,79 @@ interface(`mpd_initrc_domtrans',`
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Read mpd data files.
|
||||
## Read mpd data files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mpd_read_data_files',`
|
||||
gen_require(`
|
||||
type mpd_data_t;
|
||||
')
|
||||
gen_require(`
|
||||
type mpd_data_t;
|
||||
')
|
||||
|
||||
mpd_search_lib($1)
|
||||
read_files_pattern($1, mpd_data_t, mpd_data_t)
|
||||
read_files_pattern($1, mpd_data_t, mpd_data_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Read mpd tmpfs files.
|
||||
## Read mpd tmpfs files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mpd_read_tmpfs_files',`
|
||||
gen_require(`
|
||||
type mpd_tmpfs_t;
|
||||
')
|
||||
gen_require(`
|
||||
type mpd_tmpfs_t;
|
||||
')
|
||||
|
||||
fs_search_tmpfs($1)
|
||||
read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
||||
read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
||||
')
|
||||
|
||||
###################################
|
||||
## <summary>
|
||||
## Manage mpd tmpfs files.
|
||||
## Manage mpd tmpfs files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mpd_manage_tmpfs_files',`
|
||||
gen_require(`
|
||||
type mpd_tmpfs_t;
|
||||
')
|
||||
gen_require(`
|
||||
type mpd_tmpfs_t;
|
||||
')
|
||||
|
||||
fs_search_tmpfs($1)
|
||||
manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
||||
manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
||||
manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
||||
manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
||||
')
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Manage mpd data files.
|
||||
## Manage mpd data files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mpd_manage_data_files',`
|
||||
gen_require(`
|
||||
type mpd_data_t;
|
||||
')
|
||||
gen_require(`
|
||||
type mpd_data_t;
|
||||
')
|
||||
|
||||
mpd_search_lib($1)
|
||||
manage_files_pattern($1, mpd_data_t, mpd_data_t)
|
||||
mpd_search_lib($1)
|
||||
manage_files_pattern($1, mpd_data_t, mpd_data_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -150,7 +148,7 @@ interface(`mpd_read_lib_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
||||
read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -170,36 +168,36 @@ interface(`mpd_manage_lib_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
||||
manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Create an object in the root directory, with a private
|
||||
## type using a type transition.
|
||||
## Create an object in the root directory, with a private
|
||||
## type using a type transition.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="private type">
|
||||
## <summary>
|
||||
## The type of the object to be created.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## The type of the object to be created.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="object">
|
||||
## <summary>
|
||||
## The object class of the object being created.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## The object class of the object being created.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mpd_var_lib_filetrans',`
|
||||
gen_require(`
|
||||
type mpd_var_lib_t;
|
||||
')
|
||||
gen_require(`
|
||||
type mpd_var_lib_t;
|
||||
')
|
||||
|
||||
filetrans_pattern($1, mpd_var_lib_t, $2, $3)
|
||||
filetrans_pattern($1, mpd_var_lib_t, $2, $3)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -218,7 +216,7 @@ interface(`mpd_manage_lib_dirs',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
||||
manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -245,7 +243,7 @@ interface(`mpd_admin',`
|
||||
type mpd_etc_t;
|
||||
type mpd_data_t;
|
||||
type mpd_log_t;
|
||||
type mpd_var_lib_t;
|
||||
type mpd_var_lib_t;
|
||||
type mpd_tmpfs_t;
|
||||
')
|
||||
|
||||
@ -258,11 +256,11 @@ interface(`mpd_admin',`
|
||||
allow $2 system_r;
|
||||
|
||||
admin_pattern($1, mpd_etc_t)
|
||||
files_search_etc($1)
|
||||
files_search_etc($1)
|
||||
|
||||
files_search_var_lib($1)
|
||||
admin_pattern($1, mpd_var_lib_t)
|
||||
|
||||
|
||||
mpd_search_lib($1)
|
||||
admin_pattern($1, mpd_data_t)
|
||||
|
||||
|
||||
@ -39,7 +39,6 @@ interface(`mta_stub',`
|
||||
## </param>
|
||||
#
|
||||
template(`mta_base_mail_template',`
|
||||
|
||||
gen_require(`
|
||||
attribute user_mail_domain;
|
||||
type sendmail_exec_t;
|
||||
@ -225,18 +224,18 @@ interface(`mta_agent_executable',`
|
||||
## Dontaudit read and write an leaked file descriptors
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mta_dontaudit_leaks_system_mail',`
|
||||
gen_require(`
|
||||
type system_mail_t;
|
||||
')
|
||||
gen_require(`
|
||||
type system_mail_t;
|
||||
')
|
||||
|
||||
dontaudit $1 system_mail_t:fifo_file write;
|
||||
dontaudit $1 system_mail_t:tcp_socket { read write };
|
||||
dontaudit $1 system_mail_t:fifo_file write;
|
||||
dontaudit $1 system_mail_t:tcp_socket { read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -376,7 +375,7 @@ interface(`mta_send_mail',`
|
||||
allow mta_user_agent $1:process sigchld;
|
||||
allow mta_user_agent $1:fifo_file rw_fifo_file_perms;
|
||||
|
||||
ifdef(`hide_broken_symptoms', `
|
||||
ifdef(`hide_broken_symptoms',`
|
||||
dontaudit system_mail_t $1:socket_class_set { read write };
|
||||
')
|
||||
')
|
||||
@ -962,20 +961,20 @@ interface(`mta_filetrans_aliases',`
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## ALlow domain to read mail content in the homedir
|
||||
## ALlow domain to read mail content in the homedir
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mta_read_home',`
|
||||
gen_require(`
|
||||
type mail_home_t;
|
||||
')
|
||||
gen_require(`
|
||||
type mail_home_t;
|
||||
')
|
||||
|
||||
userdom_search_user_home_dirs($1)
|
||||
userdom_search_admin_dir($1)
|
||||
read_files_pattern($1, mail_home_t, mail_home_t)
|
||||
userdom_search_user_home_dirs($1)
|
||||
userdom_search_admin_dir($1)
|
||||
read_files_pattern($1, mail_home_t, mail_home_t)
|
||||
')
|
||||
|
||||
@ -37,8 +37,7 @@ template(`munin_plugin_template',`
|
||||
# automatic transition rules from munin domain
|
||||
# to specific munin plugin domain
|
||||
domtrans_pattern(munin_t, $1_munin_plugin_exec_t, $1_munin_plugin_t)
|
||||
allow munin_t $1_munin_plugin_t:process signal;
|
||||
|
||||
allow munin_t $1_munin_plugin_t:process signal;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -85,20 +84,20 @@ interface(`munin_read_config',`
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## dontaudit read and write an leaked file descriptors
|
||||
## dontaudit read and write an leaked file descriptors
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`munin_dontaudit_leaks',`
|
||||
gen_require(`
|
||||
type munin_t;
|
||||
')
|
||||
gen_require(`
|
||||
type munin_t;
|
||||
')
|
||||
|
||||
dontaudit $1 munin_t:tcp_socket { read write };
|
||||
dontaudit $1 munin_t:tcp_socket { read write };
|
||||
')
|
||||
|
||||
#######################################
|
||||
|
||||
@ -12,7 +12,6 @@
|
||||
## </param>
|
||||
#
|
||||
template(`nagios_plugin_template',`
|
||||
|
||||
gen_require(`
|
||||
type nagios_t, nrpe_t;
|
||||
type nagios_log_t;
|
||||
|
||||
@ -43,9 +43,9 @@ interface(`networkmanager_rw_packet_sockets',`
|
||||
## Allow caller to relabel tun_socket
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`networkmanager_attach_tun_iface',`
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run nslcd.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`nslcd_domtrans',`
|
||||
|
||||
@ -9,9 +9,9 @@
|
||||
## Execute a domain transition to run oddjob.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`oddjob_domtrans',`
|
||||
@ -24,21 +24,21 @@ interface(`oddjob_domtrans',`
|
||||
|
||||
#####################################
|
||||
## <summary>
|
||||
## Do not audit attempts to read and write
|
||||
## oddjob fifo file.
|
||||
## Do not audit attempts to read and write
|
||||
## oddjob fifo file.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`oddjob_dontaudit_rw_fifo_file',`
|
||||
gen_require(`
|
||||
type shutdown_t;
|
||||
')
|
||||
gen_require(`
|
||||
type shutdown_t;
|
||||
')
|
||||
|
||||
dontaudit $1 oddjob_t:fifo_file rw_inherited_fifo_file_perms;
|
||||
dontaudit $1 oddjob_t:fifo_file rw_inherited_fifo_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -89,20 +89,20 @@ interface(`oddjob_dbus_chat',`
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Send a SIGCHLD signal to oddjob.
|
||||
## Send a SIGCHLD signal to oddjob.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`oddjob_sigchld',`
|
||||
gen_require(`
|
||||
type oddjob_t;
|
||||
')
|
||||
gen_require(`
|
||||
type oddjob_t;
|
||||
')
|
||||
|
||||
allow $1 oddjob_t:process sigchld;
|
||||
allow $1 oddjob_t:process sigchld;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`oident_read_user_content', `
|
||||
interface(`oident_read_user_content',`
|
||||
gen_require(`
|
||||
type oidentd_home_t;
|
||||
')
|
||||
@ -38,7 +38,7 @@ interface(`oident_read_user_content', `
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`oident_manage_user_content', `
|
||||
interface(`oident_manage_user_content',`
|
||||
gen_require(`
|
||||
type oidentd_home_t;
|
||||
')
|
||||
@ -58,7 +58,7 @@ interface(`oident_manage_user_content', `
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`oident_relabel_user_content', `
|
||||
interface(`oident_relabel_user_content',`
|
||||
gen_require(`
|
||||
type oidentd_home_t;
|
||||
')
|
||||
|
||||
@ -23,9 +23,9 @@ interface(`openct_signull',`
|
||||
## Execute openct in the caller domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`openct_exec',`
|
||||
@ -42,9 +42,9 @@ interface(`openct_exec',`
|
||||
## Execute a domain transition to run openct.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`openct_domtrans',`
|
||||
|
||||
@ -25,7 +25,7 @@
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`pads_admin', `
|
||||
interface(`pads_admin',`
|
||||
gen_require(`
|
||||
type pads_t, pads_config_t;
|
||||
type pads_var_run_t, pads_initrc_exec_t;
|
||||
|
||||
@ -2,19 +2,19 @@
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Execute passenger in the passenger domain.
|
||||
## Execute passenger in the passenger domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## The type of the process performing this action.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## The type of the process performing this action.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`passenger_domtrans',`
|
||||
gen_require(`
|
||||
type passenger_t;
|
||||
type passenger_exec_t;
|
||||
')
|
||||
gen_require(`
|
||||
type passenger_t;
|
||||
type passenger_exec_t;
|
||||
')
|
||||
|
||||
allow $1 self:capability { fowner fsetid };
|
||||
|
||||
@ -27,43 +27,42 @@ interface(`passenger_domtrans',`
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Manage passenger var_run content.
|
||||
## Manage passenger var_run content.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`passenger_manage_pid_content',`
|
||||
gen_require(`
|
||||
type passenger_var_run_t;
|
||||
')
|
||||
gen_require(`
|
||||
type passenger_var_run_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_pids($1)
|
||||
manage_dirs_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
||||
manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
||||
manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
||||
manage_fifo_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
||||
manage_sock_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read passenger lib files
|
||||
## Read passenger lib files
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`passenger_read_lib_files',`
|
||||
gen_require(`
|
||||
type passenger_var_lib_t;
|
||||
')
|
||||
gen_require(`
|
||||
type passenger_var_lib_t;
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
|
||||
read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
|
||||
read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
|
||||
read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
|
||||
')
|
||||
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run pcscd.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`pcscd_domtrans',`
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run pingd.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`pingd_domtrans',`
|
||||
@ -55,7 +55,6 @@ interface(`pingd_manage_config',`
|
||||
files_search_etc($1)
|
||||
manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
|
||||
manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
|
||||
|
||||
')
|
||||
|
||||
#######################################
|
||||
|
||||
@ -1,44 +1,42 @@
|
||||
|
||||
## <summary>policy for piranha</summary>
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Creates types and rules for a basic
|
||||
## cluster init daemon domain.
|
||||
## Creates types and rules for a basic
|
||||
## cluster init daemon domain.
|
||||
## </summary>
|
||||
## <param name="prefix">
|
||||
## <summary>
|
||||
## Prefix for the domain.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Prefix for the domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
template(`piranha_domain_template',`
|
||||
|
||||
gen_require(`
|
||||
attribute piranha_domain;
|
||||
')
|
||||
gen_require(`
|
||||
attribute piranha_domain;
|
||||
')
|
||||
|
||||
##############################
|
||||
#
|
||||
# piranha_$1_t declarations
|
||||
#
|
||||
#
|
||||
# piranha_$1_t declarations
|
||||
#
|
||||
|
||||
type piranha_$1_t, piranha_domain;
|
||||
type piranha_$1_exec_t;
|
||||
init_daemon_domain(piranha_$1_t, piranha_$1_exec_t)
|
||||
|
||||
# pid files
|
||||
type piranha_$1_var_run_t;
|
||||
files_pid_file(piranha_$1_var_run_t)
|
||||
type piranha_$1_var_run_t;
|
||||
files_pid_file(piranha_$1_var_run_t)
|
||||
|
||||
##############################
|
||||
#
|
||||
# piranha_$1_t local policy
|
||||
#
|
||||
#
|
||||
# piranha_$1_t local policy
|
||||
#
|
||||
|
||||
manage_files_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
|
||||
manage_files_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
|
||||
manage_dirs_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
|
||||
files_pid_filetrans(piranha_$1_t, piranha_$1_var_run_t, { file })
|
||||
files_pid_filetrans(piranha_$1_t, piranha_$1_var_run_t, { file })
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -46,9 +44,9 @@ template(`piranha_domain_template',`
|
||||
## Execute a domain transition to run fos.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`piranha_domtrans_fos',`
|
||||
@ -61,56 +59,56 @@ interface(`piranha_domtrans_fos',`
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Execute a domain transition to run lvsd.
|
||||
## Execute a domain transition to run lvsd.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`piranha_domtrans_lvs',`
|
||||
gen_require(`
|
||||
type piranha_lvs_t, piranha_lvs_exec_t;
|
||||
')
|
||||
gen_require(`
|
||||
type piranha_lvs_t, piranha_lvs_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, piranha_lvs_exec_t, piranha_lvs_t)
|
||||
domtrans_pattern($1, piranha_lvs_exec_t, piranha_lvs_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Execute a domain transition to run pulse.
|
||||
## Execute a domain transition to run pulse.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`piranha_domtrans_pulse',`
|
||||
gen_require(`
|
||||
type piranha_pulse_t, piranha_pulse_exec_t;
|
||||
')
|
||||
gen_require(`
|
||||
type piranha_pulse_t, piranha_pulse_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, piranha_pulse_exec_t, piranha_pulse_t)
|
||||
domtrans_pattern($1, piranha_pulse_exec_t, piranha_pulse_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Execute pulse server in the pulse domain.
|
||||
## Execute pulse server in the pulse domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`piranha_pulse_initrc_domtrans',`
|
||||
gen_require(`
|
||||
type piranha_pulse_initrc_exec_t;
|
||||
')
|
||||
gen_require(`
|
||||
type piranha_pulse_initrc_exec_t;
|
||||
')
|
||||
|
||||
init_labeled_script_domtrans($1, piranha_pulse_initrc_exec_t)
|
||||
init_labeled_script_domtrans($1, piranha_pulse_initrc_exec_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -130,7 +128,7 @@ interface(`piranha_read_log',`
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
read_files_pattern($1, piranha_log_t, piranha_log_t)
|
||||
read_files_pattern($1, piranha_log_t, piranha_log_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -139,9 +137,9 @@ interface(`piranha_read_log',`
|
||||
## piranha log files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`piranha_append_log',`
|
||||
@ -169,7 +167,7 @@ interface(`piranha_manage_log',`
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
manage_dirs_pattern($1, piranha_log_t, piranha_log_t)
|
||||
manage_files_pattern($1, piranha_log_t, piranha_log_t)
|
||||
manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t)
|
||||
manage_dirs_pattern($1, piranha_log_t, piranha_log_t)
|
||||
manage_files_pattern($1, piranha_log_t, piranha_log_t)
|
||||
manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t)
|
||||
')
|
||||
|
||||
Loading…
Reference in New Issue
Block a user